This week: GitHub pulled GPT-4.1 from every Copilot surface with almost no warning. Twilio set a hard deadline for killing legacy cipher suites. And Resend quietly swapped out its webhook verification library — if you're importing svix directly, your code is about to break.
Plus 14 more changes across MongoDB, Firebase, Sentry, Shopify, Supabase, and others.
⏰ The Deprecation Clock
| API | What's Changing | Deadline | Urgency |
|---|---|---|---|
| GitHub Copilot | GPT-4.1 model removed from all experiences | June 1, 2026 | 🔴 Past due |
| Twilio | Legacy cipher suites blocked on all endpoints | November 18, 2026 | 🟠 ~5 months |
🔴 Breaking Changes
GitHub Copilot: GPT-4.1 Model Deprecated
GitHub has deprecated the GPT-4.1 model across all Copilot experiences — Chat, inline edits, ask mode, agent mode, and code completions. If your workflows or integrations explicitly request GPT-4.1, they'll need to switch to the recommended alternative model.
| What breaks | Any code or configuration that hardcodes GPT-4.1 as the model in Copilot API calls, IDE settings, or automation workflows. Affects Chat, inline edits, ask mode, agent mode, and code completions. |
| What to do | Remove hardcoded references to GPT-4.1 and switch to the suggested alternative model or use Copilot's auto model selection. Check your Copilot configuration files and API integrations. |
| Deadline | June 1, 2026. If you haven't migrated yet, do it now. |
Read more → GitHub Copilot changelog
Resend v6.12.4: svix Replaced with standardwebhooks
Resend v6.12.4 swapped out the svix library for standardwebhooks as its webhook verification dependency. The changelog frames this as a fix to "reduce install size," but if you're importing svix directly from the Resend package or using svix-specific verification methods, your webhook handling code will break.
| What breaks | Code that imports svix from the Resend package or uses svix-specific webhook verification methods (e.g., the Webhook class from svix, verification signatures using svix's API). |
| What to do | Update your webhook verification code to use the standardwebhooks library instead of svix. Review Resend's updated documentation for the new verification pattern. |
| Deadline | No official deadline announced. The change shipped in v6.12.4 — if you update to this version, you need to migrate immediately. |
Read more → Resend v6.12.4 changelog
🟡 Security Critical
Twilio: Legacy Cipher Suites Being Blocked
Twilio is enforcing modern encryption standards across all API endpoints. After November 18, 2026, connections using legacy cipher suites — including TLS versions below 1.2, weak algorithms like RC4 and 3DES, and cipher suites without forward secrecy — will be rejected.
| What breaks | TLS connections to any Twilio endpoint (REST API, webhooks, Voice, Video) using outdated SSL/TLS settings. Applications on older operating systems with legacy cryptographic libraries are most at risk. |
| What to do | Ensure your HTTP clients and TLS configurations support TLS 1.2+ with modern cipher suites (ECDHE-based with forward secrecy). Update underlying OS and cryptographic libraries. Test your connections against Twilio's endpoints before the deadline. |
| Deadline | November 18, 2026. Start testing now — you have roughly 5 months. |
Read more → Twilio security documentation
Resend v6.12.4: Next.js Security Dependency Update
Resend updated its Next.js dependency to v16.2.6 to patch a security vulnerability. No changes to Resend's API surface — this is a dependency-level fix.
What to do: Update your Resend package to the latest version to pick up the patched Next.js dependency. Recommend updating within 7 days.
Read more → Resend v6.12.4 changelog
👀 Worth Watching
Firebase JavaScript SDK 12.14.0: FCM Registration API Deprecated
Firebase added a new API for creating and deleting FCM (Firebase Cloud Messaging) registrations and deprecated the old methods. If you're using FCM for push notifications, you'll eventually need to migrate.
What to do: Check which FCM registration methods your code uses and plan to update to the new API. No sunset deadline announced yet, but deprecated methods will be removed in a future release. Migration effort: Medium.
MongoDB Node.js Driver 7.2.0: Standards-Based APIs Replace Node-Specific Ones
MongoDB's latest driver release is fully backward compatible, but signals a clear direction: Node-specific Buffer and crypto APIs are being replaced with standards-based equivalents (Uint8Array and Web Crypto API). The old APIs still work today.
Why it matters: This won't break anything now, but it telegraphs where MongoDB is heading. If you're starting new projects with the MongoDB Node.js driver, prefer the standards-based APIs. Existing code can migrate at your own pace.
Also new in 7.2.0: Intelligent Workload Management support (new maxAdaptiveRetries and enableOverloadRetargeting client options), experimental runtime dependency injection, and bufferedCount() on ChangeStreams.
📋 The Changelog Roundup
Everything else that shipped this week — nothing breaking, but worth a scan.
| Clerk 4.14.0 | Patch release with internal dependency updates. No action needed. |
| Sentry | Major feature release with AI/autofix improvements, dashboard enhancements, and monitoring updates. No breaking changes. |
| Terraform 1.15.5 | Added support for null module version evaluation. Fixed crash on init for modules with empty source. |
| AWS HealthOmics | StartRun API now supports specifying Nextflow engine version at runtime via new engine-settings parameter. |
| Amazon EKS | Now supports Kubernetes 1.36 with User Namespaces GA, Mutating Admission Policies, In-Place Pod Vertical Scaling, and Resource Health Status reporting. |
| Vercel | Introduced automatic memory monitoring that adjusts machine tiers to prevent out-of-memory build failures. |
| Shopify | Partner Dashboard now extends review management from new app submissions to also cover app audits. |
| Cloudflare Logpush | Added new Turnstile Events dataset for tracking bot detection and user verification events. |
| Supabase Auth | Beta release of Passkeys — passwordless authentication via WebAuthn with biometric and security key support. |
| Firebase JS SDK 12.14.0 | New initializeDeviceModel() for on-device AI. Hybrid inference moved from beta to GA. Min/max FieldValue operations added to Firestore. |
| Netlify CLI 26.1.0 | New function config properties. Internal dependency cleanup (uuid and extract-zip replaced). |
That's 17 changes across 14 APIs this week. The two to act on now: verify your Copilot model settings if you pinned GPT-4.1, and check your Resend webhook verification if you're on v6.12.4.
The Twilio cipher deadline gives you 5 months, but don't wait — TLS configuration changes are the kind of thing that's easy to test now and painful to debug in November.
See you next week.